diff options
author | davidovski <david@davidovski.xyz> | 2022-04-11 13:30:34 +0100 |
---|---|---|
committer | davidovski <david@davidovski.xyz> | 2022-04-11 13:30:34 +0100 |
commit | bce4ac0f65ffb8bedcdcbdb94eb796457b12f9e1 (patch) | |
tree | 5070b9f21b192e6aa0f2a92584a7cbbc6a00d68c | |
parent | 65f2daa1e41f38db5e29a73af9c02d6c390b1d24 (diff) |
added files for pam and shadow
47 files changed, 797 insertions, 213 deletions
diff --git a/extra/elogind/elogind.initd b/extra/elogind/elogind.initd new file mode 100644 index 0000000..0c22ca9 --- /dev/null +++ b/extra/elogind/elogind.initd @@ -0,0 +1,23 @@ +#!/sbin/openrc-run +supervisor=supervise-daemon + +name="System login manager" +description="System service that manages user logins" +description_reload="Reload configuration without exiting" + +command=/usr/libexec/elogind/elogind + +depend() { + need dbus + + # Make sure we start before any other display manager + before display-manager +} + +extra_started_commands="reload" + +reload() { + ebegin "Reloading configuration" + $supervisor $RC_SVCNAME --signal HUP + eend $? +} diff --git a/extra/elogind/id-nobody.patch b/extra/elogind/id-nobody.patch new file mode 100644 index 0000000..5e9e5cd --- /dev/null +++ b/extra/elogind/id-nobody.patch @@ -0,0 +1,13 @@ +--- a/src/basic/user-util.h ++++ b/src/basic/user-util.h +@@ -70,8 +70,8 @@ int take_etc_passwd_lock(const char *root); + #define UID_INVALID ((uid_t) -1) + #define GID_INVALID ((gid_t) -1) + +-#define UID_NOBODY ((uid_t) 65534U) +-#define GID_NOBODY ((gid_t) 65534U) ++#define UID_NOBODY ((uid_t) 99U) ++#define GID_NOBODY ((gid_t) 99U) + + #define ETC_PASSWD_LOCK_PATH "/etc/.pwd.lock" + diff --git a/extra/elogind/mips.patch b/extra/elogind/mips.patch new file mode 100644 index 0000000..ca1c097 --- /dev/null +++ b/extra/elogind/mips.patch @@ -0,0 +1,11 @@ +--- a/src/basic/missing_syscall.h 2021-01-15 08:12:02.000000000 +0100 ++++ b/src/basic/missing_syscall.h 2021-02-24 07:20:32.026355819 +0100 +@@ -11,7 +11,7 @@ + #include <sys/wait.h> + #include <unistd.h> + +-#ifdef ARCH_MIPS ++#if defined(_MIPSEL) || defined(_MIPSEB) + #include <asm/sgidefs.h> + #endif + diff --git a/extra/elogind/ppc64-bad-tuple.patch b/extra/elogind/ppc64-bad-tuple.patch new file mode 100644 index 0000000..f6237ff --- /dev/null +++ b/extra/elogind/ppc64-bad-tuple.patch @@ -0,0 +1,25 @@ +From 0ce8ef86e8bfc872b40bc090fea9873fa1f51836 Mon Sep 17 00:00:00 2001 +From: q66 <daniel@octaforge.org> +Date: Thu, 21 Jan 2021 22:22:28 +0100 +Subject: [PATCH] fix ppc64 arch tuple + +--- + src/basic/architecture.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/basic/architecture.h src/basic/architecture.h +index 620b522..3ea6e52 100644 +--- a/src/basic/architecture.h ++++ b/src/basic/architecture.h +@@ -77,7 +77,7 @@ int uname_architecture(void); + #elif defined(__powerpc64__) + # if __BYTE_ORDER == __BIG_ENDIAN + # define native_architecture() ARCHITECTURE_PPC64 +-# define LIB_ARCH_TUPLE "ppc64-linux-gnu" ++# define LIB_ARCH_TUPLE "powerpc64-linux-gnu" + # define SECONDARY_ARCHITECTURE ARCHITECTURE_PPC + # else + # define native_architecture() ARCHITECTURE_PPC64_LE +-- +2.30.0 + diff --git a/extra/elogind/ppcle.patch b/extra/elogind/ppcle.patch new file mode 100644 index 0000000..b986b0f --- /dev/null +++ b/extra/elogind/ppcle.patch @@ -0,0 +1,25 @@ +From 836f3efb84a703b3594906572a54616d25cecf5e Mon Sep 17 00:00:00 2001 +From: q66 <daniel@octaforge.org> +Date: Thu, 21 Jan 2021 21:59:12 +0100 +Subject: [PATCH] add ppcle arch tuple + +--- + src/basic/architecture.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/basic/architecture.h src/basic/architecture.h +index 620b522..afdff7a 100644 +--- a/src/basic/architecture.h ++++ b/src/basic/architecture.h +@@ -94,7 +94,7 @@ int uname_architecture(void); + # endif + # else + # define native_architecture() ARCHITECTURE_PPC_LE +-# error "Missing LIB_ARCH_TUPLE for PPCLE" ++# define LIB_ARCH_TUPLE "powerpcle-linux-gnu" + # endif + #elif defined(__ia64__) + # define native_architecture() ARCHITECTURE_IA64 +-- +2.30.0 + diff --git a/extra/mesa/0001-radeonsi-On-Aarch64-force-persistent-buffers-to-GTT.patch b/extra/mesa/0001-radeonsi-On-Aarch64-force-persistent-buffers-to-GTT.patch new file mode 100644 index 0000000..ea855f6 --- /dev/null +++ b/extra/mesa/0001-radeonsi-On-Aarch64-force-persistent-buffers-to-GTT.patch @@ -0,0 +1,38 @@ +From d72aa8ae74ffb7329003f9f23ffa05833af951ab Mon Sep 17 00:00:00 2001 +From: Jon Nettleton <jon@solid-run.com> +Date: Fri, 14 Aug 2020 13:36:08 +0200 +Subject: [PATCH] radeonsi: On Aarch64 force persistent buffers to GTT + +This fixes a glamore corruption issue on the HoneyComb and by +internet reports should also fix problems seen on Huaweii +Kunpeng hardware. + +The root cause of the corruption needs to be worked out, but +this patch also adds a noticable performance improvement. The +aquarium webgl demo under chromium increases from 39-49 FPS +when 5000 fish being rendered is selected. Glmark scores also +improve by ~200 with no specific tests showing any regression. + +Signed-off-by: Jon Nettleton <jon@solid-run.com> +--- + src/gallium/drivers/radeonsi/si_buffer.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/gallium/drivers/radeonsi/si_buffer.c b/src/gallium/drivers/radeonsi/si_buffer.c +index 6b58aebee2d..c9e983367a0 100644 +--- a/src/gallium/drivers/radeonsi/si_buffer.c ++++ b/src/gallium/drivers/radeonsi/si_buffer.c +@@ -151,6 +151,11 @@ void si_init_resource_fields(struct si_screen *sscreen, struct si_resource *res, + */ + if (!sscreen->info.kernel_flushes_hdp_before_ib || !sscreen->info.is_amdgpu) + res->domains = RADEON_DOMAIN_GTT; ++ ++#if defined(PIPE_ARCH_AARCH64) ++ if (size <= 1024 * 512) ++ res->domains = RADEON_DOMAIN_GTT; ++#endif + } + + /* Tiled textures are unmappable. Always put them in VRAM. */ +-- +2.26.2 diff --git a/extra/mesa/add-use-elf-tls.patch b/extra/mesa/add-use-elf-tls.patch new file mode 100644 index 0000000..629c5ac --- /dev/null +++ b/extra/mesa/add-use-elf-tls.patch @@ -0,0 +1,29 @@ +diff --git a/meson.build b/meson.build +index e1e94e7..b355f94 100644 +--- a/meson.build ++++ b/meson.build +@@ -447,7 +447,9 @@ endif + + # Android uses emutls for versions <= P/28. For USE_ELF_TLS we need ELF TLS. + use_elf_tls = false +-if (not ['freebsd', 'openbsd', 'haiku'].contains(host_machine.system()) and ++with_use_elf_tls = get_option('use-elf-tls') ++if with_use_elf_tls and ++ (not ['freebsd', 'openbsd', 'haiku'].contains(host_machine.system()) and + (not with_platform_android or get_option('platform-sdk-version') >= 29) and + (not with_platform_windows or not with_shared_glapi)) + pre_args += '-DUSE_ELF_TLS' +diff --git a/meson_options.txt b/meson_options.txt +index a7030ab..73bd28e 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -465,3 +465,9 @@ option( + value : true, + description : 'use msse2 flag for mingw x86. Default: true', + ) ++option( ++ 'use-elf-tls', ++ type : 'boolean', ++ value : false, ++ description : 'Build support for initial-exec TLS model' ++) diff --git a/extra/mesa/disable-rgb10-by-default.patch b/extra/mesa/disable-rgb10-by-default.patch new file mode 100644 index 0000000..6e1158b --- /dev/null +++ b/extra/mesa/disable-rgb10-by-default.patch @@ -0,0 +1,25 @@ +From b33c8b56abcc4837f96f7f106b108681858482e0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com> +Date: Tue, 24 Apr 2018 09:46:41 +0200 +Subject: [PATCH] gallium: Disable rgb10 configs by default + +Applications tend to not handle rgb10 configs very well, so lets +disable it for now. + +https://bugzilla.redhat.com/show_bug.cgi?id=1560481 +--- + src/gallium/auxiliary/pipe-loader/driinfo_gallium.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/gallium/auxiliary/pipe-loader/driinfo_gallium.h b/src/gallium/auxiliary/pipe-loader/driinfo_gallium.h +index 3b630f7..b542e0c 100644 +--- a/src/gallium/auxiliary/pipe-loader/driinfo_gallium.h ++++ b/src/gallium/auxiliary/pipe-loader/driinfo_gallium.h +@@ -49,6 +49,6 @@ DRI_CONF_SECTION_MISCELLANEOUS + DRI_CONF_GLSL_ZERO_INIT(false) + DRI_CONF_VS_POSITION_ALWAYS_INVARIANT(false) + DRI_CONF_VS_POSITION_ALWAYS_PRECISE(false) +- DRI_CONF_ALLOW_RGB10_CONFIGS(true) ++ DRI_CONF_ALLOW_RGB10_CONFIGS(false) + DRI_CONF_FORCE_INTEGER_TEX_NEAREST(false) + DRI_CONF_SECTION_END diff --git a/extra/mesa/musl-fix-includes.patch b/extra/mesa/musl-fix-includes.patch new file mode 100644 index 0000000..8553d44 --- /dev/null +++ b/extra/mesa/musl-fix-includes.patch @@ -0,0 +1,13 @@ +diff --git a/src/util/rand_xor.c b/src/util/rand_xor.c +index 81b64f1ea71..14e6c9d27c3 100644 +--- a/src/util/rand_xor.c ++++ b/src/util/rand_xor.c +@@ -27,6 +27,8 @@ + #if !DETECT_OS_WINDOWS + #if defined(HAVE_GETRANDOM) + #include <sys/random.h> ++#include <sys/types.h> ++#include <sys/stat.h> + #endif + #include <unistd.h> + #include <fcntl.h> diff --git a/extra/pam/other.pamd b/extra/pam/other.pamd new file mode 100644 index 0000000..20bdb74 --- /dev/null +++ b/extra/pam/other.pamd @@ -0,0 +1,11 @@ + +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + + diff --git a/extra/pam/system-account.pamd b/extra/pam/system-account.pamd new file mode 100644 index 0000000..b36f26d --- /dev/null +++ b/extra/pam/system-account.pamd @@ -0,0 +1 @@ +account required pam_unix.so diff --git a/extra/pam/system-auth.pamd b/extra/pam/system-auth.pamd new file mode 100644 index 0000000..5f85baf --- /dev/null +++ b/extra/pam/system-auth.pamd @@ -0,0 +1,2 @@ +auth required pam_unix.so + diff --git a/extra/pam/system-password.pamd b/extra/pam/system-password.pamd new file mode 100644 index 0000000..56d5122 --- /dev/null +++ b/extra/pam/system-password.pamd @@ -0,0 +1,3 @@ +# basic PAM configuration for Alpine. + +password required pam_unix.so nullok md5 sha512 shadow try_first_pass diff --git a/extra/pam/system-session.pamd b/extra/pam/system-session.pamd new file mode 100644 index 0000000..5e25d29 --- /dev/null +++ b/extra/pam/system-session.pamd @@ -0,0 +1,3 @@ + +session required pam_unix.so + diff --git a/extra/shadow/chage.pamd b/extra/shadow/chage.pamd new file mode 100644 index 0000000..3f277f8 --- /dev/null +++ b/extra/shadow/chage.pamd @@ -0,0 +1,11 @@ +# Begin /etc/pam.d/chage + +# always allow root +auth sufficient pam_rootok.so + +# include system auth and account settings +auth include system-auth +account include system-account + +# End /etc/pam.d/chage + diff --git a/extra/shadow/chpasswd.pamd b/extra/shadow/chpasswd.pamd new file mode 100644 index 0000000..81afbee --- /dev/null +++ b/extra/shadow/chpasswd.pamd @@ -0,0 +1,12 @@ +# Begin /etc/pam.d/newusers + +# always allow root +auth sufficient pam_rootok.so + +# include system auth and account settings +auth include system-auth +account include system-account +password include system-password + +# End /etc/pam.d/newusers + diff --git a/extra/shadow/login.pamd b/extra/shadow/login.pamd new file mode 100644 index 0000000..c6410c1 --- /dev/null +++ b/extra/shadow/login.pamd @@ -0,0 +1,46 @@ +# Begin /etc/pam.d/login + +# Set failure delay before next prompt to 3 seconds +auth optional pam_faildelay.so delay=3000000 + +# Check to make sure that the user is allowed to login +auth requisite pam_nologin.so + +# Check to make sure that root is allowed to login +# Disabled by default. You will need to create /etc/securetty +# file for this module to function. See man 5 securetty. +#auth required pam_securetty.so + +# Additional group memberships - disabled by default +#auth optional pam_group.so + +# include system auth settings +auth include system-auth + +# check access for the user +account required pam_access.so + +# include system account settings +account include system-account + +# Set default environment variables for the user +session required pam_env.so + +# Set resource limits for the user +session required pam_limits.so + +# Display date of last login - Disabled by default +#session optional pam_lastlog.so + +# Display the message of the day - Disabled by default +#session optional pam_motd.so + +# Check user's mail - Disabled by default +#session optional pam_mail.so standard quiet + +# include system session and password settings +session include system-session +password include system-password + +# End /etc/pam.d/login + diff --git a/extra/shadow/newusers.pamd b/extra/shadow/newusers.pamd new file mode 100644 index 0000000..57f5cfa --- /dev/null +++ b/extra/shadow/newusers.pamd @@ -0,0 +1,12 @@ +# Begin /etc/pam.d/chpasswd + +# always allow root +auth sufficient pam_rootok.so + +# include system auth and account settings +auth include system-auth +account include system-account +password include system-password + +# End /etc/pam.d/chpasswd + diff --git a/extra/shadow/passwd.pamd b/extra/shadow/passwd.pamd new file mode 100644 index 0000000..83459e3 --- /dev/null +++ b/extra/shadow/passwd.pamd @@ -0,0 +1,6 @@ +# Begin /etc/pam.d/passwd + +password include system-password + +# End /etc/pam.d/passwd + diff --git a/extra/shadow/su.pamd b/extra/shadow/su.pamd new file mode 100644 index 0000000..ca6ab90 --- /dev/null +++ b/extra/shadow/su.pamd @@ -0,0 +1,27 @@ +# Begin /etc/pam.d/su + +# always allow root +auth sufficient pam_rootok.so + +# Allow users in the wheel group to execute su without a password +# disabled by default +#auth sufficient pam_wheel.so trust use_uid + +# include system auth settings +auth include system-auth + +# limit su to users in the wheel group +# disabled by default +#auth required pam_wheel.so use_uid + +# include system account settings +account include system-account + +# Set default environment variables for the service user +session required pam_env.so + +# include system session settings +session include system-session + +# End /etc/pam.d/su + diff --git a/extra/strace/disable-fortify.patch b/extra/strace/disable-fortify.patch new file mode 100644 index 0000000..26b2978 --- /dev/null +++ b/extra/strace/disable-fortify.patch @@ -0,0 +1,39 @@ +Subject: [PATCH] don't use fortify-headers on netlink test sources +From: A. Wilcox <AWilcox@Wilcox-Tech.com> + +We can't use fortify-headers on netlink tests because it tests what happens +when a buffer overrun occurs. + +--- strace-4.18/tests/netlink_protocol.c.old 2017-07-05 07:08:09.000000000 +0000 ++++ strace-4.18/tests/netlink_protocol.c 2017-08-17 01:09:45.822502012 +0000 +@@ -28,6 +28,8 @@ + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + ++#define _FORTIFY_SOURCE 0 ++ + #include "tests.h" + + #ifdef HAVE_SYS_XATTR_H +--- strace-4.18/tests/netlink_sock_diag.c.old 2017-07-05 07:08:09.000000000 +0000 ++++ strace-4.18/tests/netlink_sock_diag.c 2017-08-17 01:10:00.935807300 +0000 +@@ -27,6 +27,8 @@ + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + ++#define _FORTIFY_SOURCE 0 ++ + #include "tests.h" + #include <stdio.h> + #include <string.h> +--- strace-4.18/tests/nlattr.c.old 2017-07-05 07:08:09.000000000 +0000 ++++ strace-4.18/tests/nlattr.c 2017-08-17 01:10:11.862453682 +0000 +@@ -28,6 +28,8 @@ + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + ++#define _FORTIFY_SOURCE 0 ++ + #include "tests.h" + + #include <stdio.h> diff --git a/extra/strace/nlattr-fix.patch b/extra/strace/nlattr-fix.patch new file mode 100644 index 0000000..6d480fa --- /dev/null +++ b/extra/strace/nlattr-fix.patch @@ -0,0 +1,21 @@ +--- strace-4.18/tests/nlattr.c.old 2017-07-05 07:08:09.000000000 +0000 ++++ strace-4.18/tests/nlattr.c 2017-08-17 00:25:26.734218699 +0000 +@@ -61,7 +61,7 @@ + }; + struct msg *msg; + struct nlattr *nla; +- unsigned int msg_len; ++ uint32_t msg_len; + long rc; + + /* fetch fail: len < sizeof(struct nlattr) */ +@@ -259,7 +259,7 @@ + }; + struct msg *msg; + struct nlattr *nla; +- unsigned int msg_len; ++ uint32_t msg_len; + long rc; + + msg_len = NLMSG_SPACE(sizeof(msg->udm)) + sizeof(*nla); + diff --git a/extra/utmps/btmpd.initd b/extra/utmps/btmpd.initd new file mode 100644 index 0000000..b9acc72 --- /dev/null +++ b/extra/utmps/btmpd.initd @@ -0,0 +1,24 @@ +#!/sbin/openrc-run +# Copyright 2020-2021 Laurent Bercot for Alpine Linux +# Distributed under the terms of the ISC License. +# +name=btmpd +description="utmps daemon for the btmp service" + +command=/bin/s6-ipcserver +command_args="/run/utmps/.btmpd-socket utmps-wtmpd btmp" +command_user=utmp +command_background=yes +directory=/var/log/btmpd +pidfile=/run/utmps/btmpd.pid + +depend() { + need localmount utmp-prepare + after bootmisc + before networking +} + +start_pre() { + checkpath -d -o utmp:utmp -m 0755 /run/utmps + checkpath -d -o utmp:utmp -m 2755 /var/log/btmpd +} diff --git a/extra/utmps/btmpd.logrotate b/extra/utmps/btmpd.logrotate new file mode 100644 index 0000000..b681d90 --- /dev/null +++ b/extra/utmps/btmpd.logrotate @@ -0,0 +1,6 @@ +/var/log/btmpd/btmp { + missingok + monthly + create 0644 utmp utmp + rotate 3 +} diff --git a/extra/utmps/utmp-init.initd b/extra/utmps/utmp-init.initd new file mode 100644 index 0000000..acb4dbe --- /dev/null +++ b/extra/utmps/utmp-init.initd @@ -0,0 +1,21 @@ +#!/sbin/openrc-run +# Copyright 2020-2022 Laurent Bercot for Alpine Linux +# Distributed under the terms of the ISC License. +# +description="clearing and initialization of the utmp database" + +depend() { + need utmp-prepare utmpd wtmpd + before networking + after clock +} + +start() { + # Create an empty utmp file + checkpath -F -f -m 0644 -o utmp:utmp /run/utmps/utmp + + # Write the initial records as sysvinit/busybox init would do. + # 20018 = 256 * 'N' + '2'. Don't ask. + utmps-write -t 2000 -uw -l reboot -p 0 -h "$(uname -r)" -- '~~' BOOT_TIME '~' + utmps-write -t 2000 -uw -l runlevel -p 20018 -h "$(uname -r)" -- '~~' RUN_LVL '~' +} diff --git a/extra/utmps/utmp-prepare.initd b/extra/utmps/utmp-prepare.initd new file mode 100644 index 0000000..9f61249 --- /dev/null +++ b/extra/utmps/utmp-prepare.initd @@ -0,0 +1,25 @@ +#!/sbin/openrc-run +# Copyright 2020-2022 Laurent Bercot for Alpine Linux +# Distributed under the terms of the ISC License. +# +description="preparation of the utmp databases" + +depend() { + before networking + after clock +} + +start() { + if ! test -L /var/log/utmp || test "$(readlink /var/log/utmp)" != /run/utmps/utmp ; then + rm -f /var/log/utmp + ln -s /run/utmps/utmp /var/log/utmp + fi + if ! test -L /var/log/wtmp || test "$(readlink /var/log/wtmp)" != wtmpd/wtmp ; then + rm -f /var/log/wtmp + ln -s wtmpd/wtmp /var/log/wtmp + fi + if ! test -L /var/log/btmp || test "$(readlink /var/log/btmp)" != btmpd/btmp ; then + rm -f /var/log/btmp + ln -s btmpd/btmp /var/log/btmp + fi +} diff --git a/extra/utmps/utmpd.initd b/extra/utmps/utmpd.initd new file mode 100644 index 0000000..d04c6b9 --- /dev/null +++ b/extra/utmps/utmpd.initd @@ -0,0 +1,23 @@ +#!/sbin/openrc-run +# Copyright 2020-2021 Laurent Bercot for Alpine Linux +# Distributed under the terms of the ISC License. +# +name="utmpd" +description="utmps daemon for the utmp service" + +command=/bin/s6-ipcserver +command_args="/run/utmps/.utmpd-socket utmps-utmpd" +command_user=utmp +command_background=yes +directory=/run/utmps +pidfile=/run/utmps/utmpd.pid + +depend() { + need utmp-prepare + after bootmisc + before networking +} + +start_pre() { + checkpath -d -o utmp:utmp -m 0755 /run/utmps +} diff --git a/extra/utmps/wtmpd.initd b/extra/utmps/wtmpd.initd new file mode 100644 index 0000000..8d3f624 --- /dev/null +++ b/extra/utmps/wtmpd.initd @@ -0,0 +1,24 @@ +#!/sbin/openrc-run +# Copyright 2020-2021 Laurent Bercot for Alpine Linux +# Distributed under the terms of the ISC License. +# +name=wtmpd +description="utmps daemon for the wtmp service" + +command=/bin/s6-ipcserver +command_args="/run/utmps/.wtmpd-socket utmps-wtmpd wtmp" +command_user=utmp +command_background=yes +directory=/var/log/wtmpd +pidfile=/run/utmps/wtmpd.pid + +depend() { + need localmount utmp-prepare + after bootmisc + before networking +} + +start_pre() { + checkpath -d -o utmp:utmp -m 0755 /run/utmps + checkpath -d -o utmp:utmp -m 2755 /var/log/wtmpd +} diff --git a/extra/utmps/wtmpd.logrotate b/extra/utmps/wtmpd.logrotate new file mode 100644 index 0000000..bb23536 --- /dev/null +++ b/extra/utmps/wtmpd.logrotate @@ -0,0 +1,6 @@ +/var/log/wtmpd/wtmp { + missingok + monthly + create 0644 utmp utmp + rotate 3 +} diff --git a/repo/devel/strace.xibuild b/repo/devel/strace.xibuild new file mode 100644 index 0000000..e523146 --- /dev/null +++ b/repo/devel/strace.xibuild @@ -0,0 +1,33 @@ +#!/bin/sh + +MAKEDEPS="autoconf automake binutils-dev elfutils-dev gawk linux-headers" +DEPS="libelf musl" + +PKG_VER=5.17 +SOURCE=https://github.com/strace/strace/releases/download/v$PKG_VER/strace-$PKG_VER.tar.xz +ADDITIONAL=" +disable-fortify.patch +nlattr-fix.patch +" + +DESC="Diagnostic, debugging and instructional userspace tracer" + +prepare () { + apply_patches +} + +build () { + export CFLAGS="$CFLAGS -Dsigcontext_struct=sigcontext" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var \ + --enable-mpers=no + make + +} + +package () { + make -j1 DESTDIR=$PKG_DEST install +} diff --git a/repo/linux/linux-headers.xibuild b/repo/linux/linux-headers.xibuild index c4a3a7e..f5404fe 100644 --- a/repo/linux/linux-headers.xibuild +++ b/repo/linux/linux-headers.xibuild @@ -3,7 +3,7 @@ MAKEDEPS="make cpio bc perl libelf kmod xmlto xz" DEPS="pahole" -PKG_VER=5.16.11 +PKG_VER=5.17.2 SOURCE=https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-$PKG_VER.tar.xz DESC="Linux kernel headers" diff --git a/repo/linux/linux.xibuild b/repo/linux/linux.xibuild index ebc74a6..72bd22d 100644 --- a/repo/linux/linux.xibuild +++ b/repo/linux/linux.xibuild @@ -3,7 +3,7 @@ MAKEDEPS="make bc" DEPS="sbase kmod" -PKG_VER=5.17.1 +PKG_VER=5.17.2 SOURCE=https://cdn.kernel.org/pub/linux/kernel/v${PKG_VER%%.*}.x/linux-$PKG_VER.tar.xz ADDITIONAL=" fix-sbase-coreutils.patch diff --git a/repo/meta/base-xorg.xibuild b/repo/meta/base-xorg.xibuild new file mode 100644 index 0000000..290e676 --- /dev/null +++ b/repo/meta/base-xorg.xibuild @@ -0,0 +1,111 @@ +#!/bin/sh +DEPS=" + xterm + iceauth + intel-vaapi-driver + libdmx + libdrm + libepoxy + libevdev + libfontenc + libfs + libice + libinput + libpciaccess + libsm + libva + libvdpau-va-gl + libvdpau + libwacom + libx11 + libxau + libxaw + libxcb + libxcomposite + libxcursor + libxcvt + libxdamage + libxdmcp + libxext + libxfixes + libxfont2 + libxft + libxinerama + libxi + libxkbfile + libxmu + libxpm + libxrandr + libxrender + libxres + libxscrnsaver + libxshmfence + libxtst + libxt + libxvmc + libxv + libxxf86dga + libxxf86vm + luit + mesa + mkfontscale + pixman + sessreg + setxkbmap + smproxy + wayland + x11perf + xauth + xbacklight + xbitmaps + xcb-proto + xcb-util-cursor + xcb-util-image + xcb-util-keysyms + xcb-util-renderutil + xcb-util-wm + xcb-util + xclock + xcmsdb + xcursorgen + xcursor-themes + xdpyinfo + xdriinfo + xev + xeyes + xf86-input-evdev + xf86-input-libinput + xf86-input-synaptics + xgamma + xhost + xinput + xkbcomp + xkbevd + xkbutils + xkeyboardconfig + xkill + xlsatoms + xlsclients + xmessage + xmodmap + xorg-libs + xorgproto + xorg-server + xorg-util-macros + xorg-xinit + xprop + xpr + xrandr + xrdb + xrefresh + xsetroot + xset + xtrans + xvinfo + xwd + xwininfo + xwud +" +MAKEDEPS="grep python" + +DESC="Base packages needed for xorg" diff --git a/repo/system/dbus.xibuild b/repo/system/dbus.xibuild index 795d2d7..66ea737 100644 --- a/repo/system/dbus.xibuild +++ b/repo/system/dbus.xibuild @@ -53,3 +53,8 @@ EOF install -Dm755 dbus.initd $PKG_DEST/etc/init.d/dbus install -Dm644 dbus.confd $PKG_DEST/etc/conf.d/dbus } + +postinstall () { + rc-update add dbus + rc-service dbus start +} diff --git a/repo/system/elogind.xibuild b/repo/system/elogind.xibuild index 9ecc089..6ed1231 100644 --- a/repo/system/elogind.xibuild +++ b/repo/system/elogind.xibuild @@ -6,10 +6,11 @@ DEPS="pam gperf eudev" PKG_VER=246.10 SOURCE=https://github.com/elogind/elogind/archive/v$PKG_VER/elogind-$PKG_VER.tar.gz ADDITIONAL=" -https://raw.githubusercontent.com/void-linux/void-packages/master/srcpkgs/elogind/patches/id-nobody.patch -https://raw.githubusercontent.com/void-linux/void-packages/master/srcpkgs/elogind/patches/mips.patch -https://raw.githubusercontent.com/void-linux/void-packages/master/srcpkgs/elogind/patches/ppc64-bad-tuple.patch -https://raw.githubusercontent.com/void-linux/void-packages/master/srcpkgs/elogind/patches/ppcle.patch +id-nobody.patch +mips.patch +ppc64-bad-tuple.patch +ppcle.patch +elogind.initd " DESC="The standalone logind daemon" @@ -51,6 +52,8 @@ package () { ln -sf libelogind.pc $PKG_DEST/usr/lib/pkgconfig/libsystemd.pc && ln -sf elogind $PKG_DEST/usr/include/systemd + install -Dm755 elogind.initd $PKG_DEST/etc/init.d/elogind + sed -e '/\[Login\]/a KillUserProcesses=no' \ -i $PKG_DEST/etc/elogind/logind.conf @@ -84,3 +87,8 @@ EOF } + +postinstall () { + rc-update add elogind + rc-service elogind start +} diff --git a/repo/system/nsss.xibuild b/repo/system/nsss.xibuild index dc3fb07..2623641 100644 --- a/repo/system/nsss.xibuild +++ b/repo/system/nsss.xibuild @@ -10,7 +10,7 @@ SOURCE=https://skarnet.org/software/nsss/nsss-$PKG_VER.tar.gz DESC="Minimal competing implementation of glibc's Name Switch Service" build () { - ./configure --prefix=/usr \ + ./configure --prefix=/usr \ --exec-prefix=/usr \ --with-dynlib=/usr/lib \ --libexecdir=/usr/lib/nsss \ diff --git a/repo/system/openrc.xibuild b/repo/system/openrc.xibuild index f60598f..fb99da4 100644 --- a/repo/system/openrc.xibuild +++ b/repo/system/openrc.xibuild @@ -54,8 +54,8 @@ check () { package () { make LIBEXECDIR=/lib/rc DESTDIR="$PKG_DEST/" MKSYSVINIT=yes install - # remove -n from ln in mtab - sed -i "s/ln -snf/ln -sf/g" $PKG_DEST/etc/init.d/mtab + # remove -n from ln in mtab, devfs + sed -i "s/ln -snf/ln -sf/g" $PKG_DEST/etc/init.d/mtab $PKG_DEST/etc/init.d/devfs ln -s openrc-init $PKG_DEST/sbin/init diff --git a/repo/system/pam.xibuild b/repo/system/pam.xibuild index 2637e30..366ec3c 100644 --- a/repo/system/pam.xibuild +++ b/repo/system/pam.xibuild @@ -5,6 +5,13 @@ DEPS="musl libxcrypt" PKG_VER=1.5.2 SOURCE=https://github.com/linux-pam/linux-pam/releases/download/v$PKG_VER/Linux-PAM-$PKG_VER.tar.xz +ADDITIONAL=" + system-auth.pamd + system-account.pamd + system-password.pamd + system-session.pamd + other.pamd +" DESC="PAM (Pluggable Authentication Modules) library" prepare () { @@ -29,53 +36,11 @@ package () { make DESTDIR=$PKG_DEST install install -m755 -d $PKG_DEST/etc/pam.d - install -dm755 $PKG_DEST/etc/pam.d - cat > $PKG_DEST/etc/pam.d/system-account << "EOF" -# Begin /etc/pam.d/system-account - -account required pam_unix.so - -# End /etc/pam.d/system-account -EOF - - cat > $PKG_DEST/etc/pam.d/system-auth << "EOF" -# Begin /etc/pam.d/system-auth - -auth required pam_unix.so - -# End /etc/pam.d/system-auth -EOF - - cat > $PKG_DEST/etc/pam.d/system-session << "EOF" -# Begin /etc/pam.d/system-session - -session required pam_unix.so - -# End /etc/pam.d/system-session -EOF - - cat > $PKG_DEST/etc/pam.d/system-password << "EOF" -# Begin /etc/pam.d/system-password - -# use sha512 hash for encryption, use shadow, and try to use any previously -# defined authentication token (chosen password) set by any prior module -password required pam_unix.so sha512 shadow try_first_pass - -# End /etc/pam.d/system-password -EOF - cat > $PKG_DEST/etc/pam.d/other << "EOF" -# Begin /etc/pam.d/other - -auth required pam_warn.so -auth required pam_deny.so -account required pam_warn.so -account required pam_deny.so -password required pam_warn.so -password required pam_deny.so -session required pam_warn.so -session required pam_deny.so - -# End /etc/pam.d/other -EOF - + cp system-account.pamd $PKG_DEST/etc/pam.d/system-account + cp system-auth.pamd $PKG_DEST/etc/pam.d/system-auth + cp system-password.pamd $PKG_DEST/etc/pam.d/system-password + cp system-session.pamd $PKG_DEST/etc/pam.d/system-session + cp other.pamd $PKG_DEST/etc/pam.d/other + [ -d $PKG_DEST/usr/lib/systemd ] && rm -r $PKG_DEST/usr/lib/systemd + return 0 } diff --git a/repo/system/shadow.xibuild b/repo/system/shadow.xibuild index 9d490c4..22bd2f1 100644 --- a/repo/system/shadow.xibuild +++ b/repo/system/shadow.xibuild @@ -7,6 +7,14 @@ PKG_VER=4.11.1 SOURCE=https://github.com/shadow-maint/shadow/releases/download/v$PKG_VER/shadow-$PKG_VER.tar.xz DESC="Password and account management tool suite with support for shadow files and PAM" +ADDITIONAL=" + chage.pamd + chpasswd.pamd + login.pamd + newusers.pamd + passwd.pamd + su.pamd +" prepare () { @@ -26,7 +34,24 @@ prepare () { } build () { - ./configure --sysconfdir=/etc --with-group-name-max-length=32 + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var \ + --disable-account-tools-setuid \ + --disable-nls \ + --without-audit \ + --with-libpam \ + --without-selinux \ + --without-acl \ + --without-attr \ + --without-tcb \ + --with-yescrypt \ + --without-nscd \ + --without-group-name-max-length \ + --with-fcaps + make } @@ -34,150 +59,33 @@ package () { make exec_prefix=/usr DESTDIR=$PKG_DEST install make DESTDIR=$PKG_DEST -C man install-man mkdir -p $PKG_DEST/etc/default + + [ -d $PKG_DEST/etc/pam.d ] && rm -rf $PKG_DEST/etc/pam.d/* + install -m644 $PKG_DEST/etc/login.defs $PKG_DEST/etc/login.defs.orig && - for FUNCTION in FAIL_DELAY \ - FAILLOG_ENAB \ - LASTLOG_ENAB \ - MAIL_CHECK_ENAB \ - OBSCURE_CHECKS_ENAB \ - PORTTIME_CHECKS_ENAB \ - QUOTAS_ENAB \ - CONSOLE MOTD_FILE \ - FTMP_FILE NOLOGINS_FILE \ - ENV_HZ PASS_MIN_LEN \ - SU_WHEEL_ONLY \ - CRACKLIB_DICTPATH \ - PASS_CHANGE_TRIES \ - PASS_ALWAYS_WARN \ - CHFN_AUTH ENCRYPT_METHOD \ - ENVIRON_FILE - do - sed -i "s/^${FUNCTION}/# &/" $PKG_DEST/etc/login.defs + echo "USERGROUPS_ENAB yes"> $PKG_DEST/etc/login.defs + + for f in $ADDITIONAL; do + case $f in + *.pamd) + cp $f $PKG_DEST/etc/pam.d/${f%.pamd} + ;; + esac done - - cat > $PKG_DEST/etc/pam.d/login << "EOF" -# Begin /etc/pam.d/login - -# Set failure delay before next prompt to 3 seconds -auth optional pam_faildelay.so delay=3000000 - -# Check to make sure that the user is allowed to login -auth requisite pam_nologin.so - -# Check to make sure that root is allowed to login -# Disabled by default. You will need to create /etc/securetty -# file for this module to function. See man 5 securetty. -#auth required pam_securetty.so - -# Additional group memberships - disabled by default -#auth optional pam_group.so - -# include system auth settings -auth include system-auth - -# check access for the user -account required pam_access.so - -# include system account settings -account include system-account - -# Set default environment variables for the user -session required pam_env.so - -# Set resource limits for the user -session required pam_limits.so - -# Display date of last login - Disabled by default -#session optional pam_lastlog.so - -# Display the message of the day - Disabled by default -#session optional pam_motd.so - -# Check user's mail - Disabled by default -#session optional pam_mail.so standard quiet - -# include system session and password settings -session include system-session -password include system-password - -# End /etc/pam.d/login -EOF - - cat > $PKG_DEST/etc/pam.d/passwd << "EOF" -# Begin /etc/pam.d/passwd - -password include system-password - -# End /etc/pam.d/passwd -EOF - - cat > $PKG_DEST/etc/pam.d/su << "EOF" -# Begin /etc/pam.d/su - -# always allow root -auth sufficient pam_rootok.so - -# Allow users in the wheel group to execute su without a password -# disabled by default -#auth sufficient pam_wheel.so trust use_uid - -# include system auth settings -auth include system-auth - -# limit su to users in the wheel group -auth required pam_wheel.so use_uid - -# include system account settings -account include system-account - -# Set default environment variables for the service user -session required pam_env.so - -# include system session settings -session include system-session - -# End /etc/pam.d/su -EOF - - cat > $PKG_DEST/etc/pam.d/chpasswd << "EOF" -# Begin /etc/pam.d/chpasswd - -# always allow root -auth sufficient pam_rootok.so - -# include system auth and account settings -auth include system-auth -account include system-account -password include system-password - -# End /etc/pam.d/chpasswd -EOF - -sed -e s/chpasswd/newusers/ $PKG_DEST/etc/pam.d/chpasswd >$PKG_DEST/etc/pam.d/newusers - - cat > $PKG_DEST/etc/pam.d/chage << "EOF" -# Begin /etc/pam.d/chage - -# always allow root -auth sufficient pam_rootok.so - -# include system auth and account settings -auth include system-auth -account include system-account - -# End /etc/pam.d/chage -EOF + cp $PKG_DEST/etc/pam.d/su $PKG_DEST/etc/pam.d/su-l for PROGRAM in chfn chgpasswd chsh groupadd groupdel \ groupmems groupmod useradd userdel usermod do - install -m644 $PKG_DEST/etc/pam.d/chage $PKG_DEST/etc/pam.d/${PROGRAM} + install -m644 chage.pamd $PKG_DEST/etc/pam.d/${PROGRAM} sed -i "s/chage/$PROGRAM/" $PKG_DEST/etc/pam.d/${PROGRAM} done - [ -f $PKG_DEST/etc/login.access ] && mv $PKG_DEST/etc/login.access{,.NOUSE} || true - [ -f $PKG_DEST/etc/limits ] && mv $PKG_DEST/etc/limits{,.NOUSE} || true + [ -f $PKG_DEST/etc/login.access ] && mv $PKG_DEST/etc/login.access $PKG_DEST/etc/login.access.NOUSE || true + [ -f $PKG_DEST/etc/limits ] && mv $PKG_DEST/etc/limits $PKG_DEST/etc/limits.NOUSE || true + + rm $PKG_DEST/usr/bin/su } postinstall () { @@ -222,7 +130,7 @@ users:x:999: EOF /usr/sbin/pwconv /usr/sbin/grpconv + chmod 0640 /etc/shadow mkdir -p /etc/default /usr/sbin/useradd -D --gid 999 - } diff --git a/repo/system/utmps.xibuild b/repo/system/utmps.xibuild index c5c5922..900aae8 100644 --- a/repo/system/utmps.xibuild +++ b/repo/system/utmps.xibuild @@ -6,6 +6,16 @@ DEPS="skalibs" PKG_VER=0.1.1.0 SOURCE=https://skarnet.org/software/utmps/utmps-$PKG_VER.tar.gz +ADDITIONAL=" +btmpd.initd +btmpd.logrotate +utmpd.initd +utmp-init.initd +utmp-prepare.initd +wtmpd.initd +wtmpd.logrotate +" + DESC="Library implementing utmpx.h family of functions" build () { @@ -31,8 +41,13 @@ Requires.private: skalibs Libs: -lutmps Cflags: -I/usr/include/utmps EOF - - #ln -s utmps/wtmp /var/log/wtmp + install -D -m755 utmp-prepare.initd "$PKG_DEST/etc/init.d/utmp-prepare" + install -D -m755 utmpd.initd "$PKG_DEST/etc/init.d/utmpd" + install -D -m755 wtmpd.initd "$PKG_DEST/etc/init.d/wtmpd" + install -D -m755 btmpd.initd "$PKG_DEST/etc/init.d/btmpd" + install -D -m755 utmp-init.initd "$PKG_DEST/etc/init.d/utmp-init" + install -D -m644 wtmpd.logrotate "$PKG_DEST/etc/logrotate.d/wtmpd" + install -D -m644 btmpd.logrotate "$PKG_DEST/etc/logrotate.d/btmpd" } postinstall () { @@ -40,8 +55,21 @@ postinstall () { command -v useradd || exit 1 command -v chown || exit 1 - useradd -c "utmps user" -d /run/utmps \ + grep -q "utmps" /etc/passwd || useradd -c "utmps user" -d /run/utmps \ -u 984 -g utmp -s /bin/false utmp [ -d /var/log/utmps ] || mkdir -p /var/log/utmps + [ -d /var/log/wtmp ] && mv /var/log/wtmp /var/log/utmps chown -R utmp:utmp /var/log/utmps + [ -e /var/log/wtmp ] || ln -s utmps/wtmp /var/log/wtmp + +# utmps is broken, dont try to make services with it without s6 ipc +# rc-update add utmp-prepare boot +# rc-update add utmpd boot +# rc-update add wtmpd boot +# rc-update add btmpd boot +# rc-update add utmp-init boot +# rc-service utmp-prepare start +# rc-service utmpd start +# rc-service wtmpd start +# rc-service btmpd start } diff --git a/repo/util/inetutils.xibuild b/repo/util/inetutils.xibuild index dd7adc5..485f7c7 100644 --- a/repo/util/inetutils.xibuild +++ b/repo/util/inetutils.xibuild @@ -1,7 +1,7 @@ #!/bin/sh -MAKEDEPS="make " -DEPS="pam libcap readline ncurses libxcrypt utmps iana-etc net-tools" +MAKEDEPS="make utmps" +DEPS="pam libcap readline ncurses libxcrypt iana-etc net-tools" PKG_VER=2.2 SOURCE=https://ftp.gnu.org/gnu/inetutils/inetutils-$PKG_VER.tar.xz diff --git a/repo/util/net-tools.xibuild b/repo/util/net-tools.xibuild index bc232dc..0b1d792 100644 --- a/repo/util/net-tools.xibuild +++ b/repo/util/net-tools.xibuild @@ -1,7 +1,7 @@ #!/bin/sh -MAKEDEPS="make " -DEPS="pam libcap readline ncurses libxcrypt utmps iana-etc net-tools" +MAKEDEPS="make utmps " +DEPS="pam libcap readline ncurses libxcrypt iana-etc net-tools" PKG_VER=2.10 SOURCE=https://github.com/ecki/net-tools diff --git a/repo/util/procps-ng.xibuild b/repo/util/procps-ng.xibuild index 0bdcfd5..27d35da 100644 --- a/repo/util/procps-ng.xibuild +++ b/repo/util/procps-ng.xibuild @@ -1,7 +1,7 @@ #!/bin/sh -MAKEDEPS="make " -DEPS="utmps ncurses" +MAKEDEPS="make utmps" +DEPS="ncurses" PKG_VER=3.3.17 SOURCE=https://sourceforge.net/projects/procps-ng/files/Production/procps-ng-$PKG_VER.tar.xz diff --git a/repo/util/wpa_supplicant.xibuild b/repo/util/wpa_supplicant.xibuild index a1fb282..b1b1f20 100644 --- a/repo/util/wpa_supplicant.xibuild +++ b/repo/util/wpa_supplicant.xibuild @@ -1,7 +1,7 @@ #!/bin/sh -MAKEDEPS="make libxml2 pcsc-lite" -DEPS="libnl openssl readline dbus" +MAKEDEPS="make libxml2" +DEPS="libnl openssl readline dbus pcsc-lite libnl" PKG_VER=2.10 diff --git a/repo/x11/bspwm.xibuild b/repo/x11/bspwm.xibuild index 5512061..7887321 100644 --- a/repo/x11/bspwm.xibuild +++ b/repo/x11/bspwm.xibuild @@ -13,5 +13,5 @@ build () { } package () { - make PREFIX=/usr DESTDIR=$PKG_DEST install + make DESTDIR=$PKG_DEST PREFIX=/usr install } diff --git a/repo/x11/mesa.xibuild b/repo/x11/mesa.xibuild index 37a976b..3a5bcbf 100644 --- a/repo/x11/mesa.xibuild +++ b/repo/x11/mesa.xibuild @@ -6,20 +6,21 @@ DEPS="xorg-libs libdrm" PKG_VER=21.3.7 SOURCE=https://mesa.freedesktop.org/archive/mesa-$PKG_VER.tar.xz ADDITIONAL=" - mesa-$PKG_VER-add_xdemos-1.patch - mesa-$PKG_VER-nouveau_fixes-1.patch + 0001-radeonsi-On-Aarch64-force-persistent-buffers-to-GTT.patch + add-use-elf-tls.patch + disable-rgb10-by-default.patch + mesa-21.3.7-add_xdemos-1.patch + mesa-21.3.7-nouveau_fixes-1.patch + musl-fix-includes.patch " DESC="An implementation of the OpenGL specification" prepare () { - patch -Np1 -i mesa-$PKG_VER-add_xdemos-1.patch + apply_patches export GALLIUM_DRV="crocus,i915,iris,nouveau,r600,radeonsi,svga,swrast,virgl" export DRI_DRIVERS="i965,nouveau" - - patch -Np1 -i mesa-$PKG_VER-nouveau_fixes-1.patch - } build () { diff --git a/repo/xi/xipkg.xibuild b/repo/xi/xipkg.xibuild index 06ad176..2872646 100644 --- a/repo/xi/xipkg.xibuild +++ b/repo/xi/xipkg.xibuild @@ -3,7 +3,7 @@ MAKEDEPS="make" DEPS="openssl curl dash xiutils findutils diffutils sed xichroot grep base64" -PKG_VER=1.1.6 +PKG_VER=1.1.7 SOURCE=https://git.davidovski.xyz/xilinux/xipkg.git BRANCH="v$PKG_VER" |